Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0557
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0557)
Zusammenfassung:	The remote host is missing an update for the 'cxf' package(s) announced via the MGASA-2014-0557 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'cxf' package(s) announced via the MGASA-2014-0557 advisory. Vulnerability Insight: Updated cxf packages fix security vulnerabilities: An Apache CXF JAX-RS service can process SAML tokens received in the authorization header of a request via the SamlHeaderInHandler. However it is possible to cause an infinite loop in the parsing of this header by passing certain bad values for the header, leading to a Denial of Service attack on the service (CVE-2014-3584). Apache CXF is vulnerable to a possible SSL hostname verification bypass, due to a flaw in comparing the server hostname to the domain name in the Subject's DN field. A Man In The Middle attack can exploit this vulnerability by using a specially crafted Subject DN to spoof a valid certificate (CVE-2014-3577). Affected Software/OS: 'cxf' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3577 BugTraq ID: 69258 http://www.securityfocus.com/bid/69258 http://seclists.org/fulldisclosure/2014/Aug/48 http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/06/1 http://www.osvdb.org/110143 RedHat Security Advisories: RHSA-2014:1146 http://rhn.redhat.com/errata/RHSA-2014-1146.html RedHat Security Advisories: RHSA-2014:1166 http://rhn.redhat.com/errata/RHSA-2014-1166.html RedHat Security Advisories: RHSA-2014:1833 http://rhn.redhat.com/errata/RHSA-2014-1833.html RedHat Security Advisories: RHSA-2014:1834 http://rhn.redhat.com/errata/RHSA-2014-1834.html RedHat Security Advisories: RHSA-2014:1835 http://rhn.redhat.com/errata/RHSA-2014-1835.html RedHat Security Advisories: RHSA-2014:1836 http://rhn.redhat.com/errata/RHSA-2014-1836.html RedHat Security Advisories: RHSA-2014:1891 http://rhn.redhat.com/errata/RHSA-2014-1891.html RedHat Security Advisories: RHSA-2014:1892 http://rhn.redhat.com/errata/RHSA-2014-1892.html RedHat Security Advisories: RHSA-2015:0125 http://rhn.redhat.com/errata/RHSA-2015-0125.html RedHat Security Advisories: RHSA-2015:0158 http://rhn.redhat.com/errata/RHSA-2015-0158.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0850 http://rhn.redhat.com/errata/RHSA-2015-0850.html RedHat Security Advisories: RHSA-2015:0851 http://rhn.redhat.com/errata/RHSA-2015-0851.html RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html RedHat Security Advisories: RHSA-2015:1177 http://rhn.redhat.com/errata/RHSA-2015-1177.html RedHat Security Advisories: RHSA-2015:1888 http://rhn.redhat.com/errata/RHSA-2015-1888.html RedHat Security Advisories: RHSA-2016:1773 http://rhn.redhat.com/errata/RHSA-2016-1773.html RedHat Security Advisories: RHSA-2016:1931 http://rhn.redhat.com/errata/RHSA-2016-1931.html http://www.securitytracker.com/id/1030812 http://secunia.com/advisories/60466 http://secunia.com/advisories/60589 http://secunia.com/advisories/60713 SuSE Security Announcement: openSUSE-SU-2020:1873 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html SuSE Security Announcement: openSUSE-SU-2020:1875 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html http://www.ubuntu.com/usn/USN-2769-1 XForce ISS Database: apache-cve20143577-spoofing(95327) https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 Common Vulnerability Exposure (CVE) ID: CVE-2014-3584 BugTraq ID: 70738 http://www.securityfocus.com/bid/70738 http://seclists.org/oss-sec/2014/q4/437 http://secunia.com/advisories/61909 XForce ISS Database: apache-cxf-cve20143584-dos(97753) https://exchange.xforce.ibmcloud.com/vulnerabilities/97753
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.